Incident Response (IR) Revamp
Introduction
Incident response is a well-organized method for managing and addressing the effects of an attack, security threat, or breach. The reason for carrying out incident response is to help the involved parties control the situation in a manner that reduces damage, cost, and response time (Oltsik, 2015). As the new manager of the incident response team, the interest is in restructuring the team so that it is prepared for any disaster that may happen. This paper analyzes how to revamp the incident response team.
Measures and interventions should be put in place to reduce the possibility of a security incident occurring. As the manager in charge of the incident response team, one should apply different techniques to increase the efficiency of the team (Cichonski et al., 2012). Efforts should be directed at ensuring that the team and personnel structures are well developed. The number, training, and expertise of the workers should be improved to enhance the incident response. For quality and quick solutions to problems, the response team should consist of highly qualified workers (Cichonski et al., 2012).
The tools, utilities, and all necessary facilities should be made available to the team to ensure that its operations run effectively (Cichonski et al., 2012). The operational procedures should be streamlined so that response time is reduced accordingly.
Role that an IDS / IPS would play in the IR efforts
Both intrusion detection systems (IDS) and intrusion prevention systems (IPS) would play significant roles in the incident response efforts (Snyder, 2009). Any anomalous or incorrect activity within the organization will be noticed through the use of the IDS. This facilitates the process by reducing the reaction or response time. The IPS will prevent attacks or threats to security from occurring, which is very important since the aim of the incident response team is to reduce the number of threats or attacks (Snyder, 2009).
The use of NIST SP800-61, Rev. 1 in the IR efforts
The National Institute of Standards and Technology (NIST) established a guide for handling computer security incidents. It is a special publication with the reference number NIST SP800-61, Rev. 1. The aim was to assist different organizations in handling security issues and threats related to computers. As a manager of the incident response team, the use of this guideline would be very important (Cichonski et al., 2012).
The document spells out what should be done to enable effective incident response. Personnel following this guideline would be in a position to detect and classify incidents correctly (Cichonski et al., 2012). This then ensures that the response mounted to the incident is appropriate and timely. The procedures followed will be appropriate if the guide is followed.
The use of log management systems as a legitimate and useful component of the IR efforts
Log management helps in managing large volumes of data. With such a system, the data is stored in a safe manner. It would form a very important and legitimate part of the incident response efforts in the organization. Routine log scrutiny has benefits in that it helps to identify policy violations, security incidents, operational problems, and fraudulent activity (Kent & Souppaya, 2006).
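The two technical points above, an IDS noticing anomalous activity so the team can react faster, and routine log scrutiny surfacing policy violations and security incidents, can be illustrated with a small detection routine. The following is an added example written for this page; it is not code from the paper, from NIST SP800-61, or from SP 800-92. It parses a handful of constructed SSH-style authentication log lines, flags a source that exceeds a failed-login threshold (a policy violation and a likely brute-force attempt), and emits an incident record with a category and priority for the team to triage. The log format, the threshold of five failures, and the category and priority names are assumptions chosen for the example.

```python
"""Added example: minimal log scrutiny for an incident response team.

Parses constructed SSH-style auth log lines, flags a source with repeated
failed logins, and produces an incident record with a category and priority.
The log format, threshold, categories and priorities are assumptions for this
example, not anything prescribed by NIST SP 800-61 or SP 800-92.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log lines (not captured from any real system).
SAMPLE_LOGS = """\
Jan 27 10:00:01 host1 sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 50001 ssh2
Jan 27 10:00:03 host1 sshd[1002]: Failed password for root from 203.0.113.5 port 50002 ssh2
Jan 27 10:00:05 host1 sshd[1003]: Failed password for root from 203.0.113.5 port 50003 ssh2
Jan 27 10:00:07 host1 sshd[1004]: Failed password for root from 203.0.113.5 port 50004 ssh2
Jan 27 10:00:09 host1 sshd[1005]: Failed password for root from 203.0.113.5 port 50005 ssh2
Jan 27 10:00:12 host1 sshd[1006]: Accepted password for root from 203.0.113.5 port 50006 ssh2
Jan 27 10:01:00 host1 sshd[1007]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 27 10:01:30 host1 sshd[1008]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Assumed syslog-style sshd line layout; lines that do not match are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


@dataclass
class AuthEvent:
    ts: str
    host: str
    result: str   # "Failed" or "Accepted"
    user: str
    src: str


@dataclass
class Incident:
    category: str   # assumed labels: "brute-force-attempt" / "unauthorized-access"
    priority: str   # assumed labels: "medium" / "high"
    src: str
    host: str
    evidence: list = field(default_factory=list)


def parse_auth_log(text):
    """Return an AuthEvent for every line that matches LINE_RE, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(AuthEvent(**m.groupdict()))
    return events


def detect_incidents(events, fail_threshold=5):
    """Group events by source address and raise one incident per source that
    reaches fail_threshold failed logins. A success after the failures is
    treated as the more serious case, since the guessing may have worked."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    incidents = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e.result == "Failed"]
        if len(failures) < fail_threshold:
            continue
        last_fail = max(i for i, e in enumerate(evs) if e.result == "Failed")
        succeeded_after = any(e.result == "Accepted" for e in evs[last_fail + 1:])
        incidents.append(Incident(
            category="unauthorized-access" if succeeded_after else "brute-force-attempt",
            priority="high" if succeeded_after else "medium",
            src=src,
            host=evs[0].host,
            evidence=[f"{e.ts} {e.result} {e.user}" for e in evs],
        ))
    return incidents


if __name__ == "__main__":
    for inc in detect_incidents(parse_auth_log(SAMPLE_LOGS)):
        print(f"[{inc.priority}] {inc.category} from {inc.src} on {inc.host}")
        for line in inc.evidence:
            print("   ", line)
```

The evidence list is kept with the incident so the responder can confirm the classification before acting, which is the point of the guideline's detect-and-classify step; the detection only shortens the time to notice, and the response itself still belongs to the team.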
Conclusion
Security issues, threats, and attacks occur in almost all organizations in the world. Therefore, a good incident response team should be able to handle these incidents. As the new manager of such a team, restructuring the team and strengthening the IR efforts should remain priorities if the response is to be improved.
References
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide. NIST Special Publication, 800, 61.
Kent, K., & Souppaya, M. (2006). Special Publication 800-92: Guide to computer security log management. Recommendations of the National Institute of Standards and Technology. Retrieved from http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
Oltsik, J. (2015). Incident response: More art than science. Retrieved January 27, 2017, from http://www.networkworld.com/article/2973064/cisco-subnet/incident-response-more-art-than-science.html
Snyder, J. (2009). Do you need an IDS or IPS, or both? Retrieved January 27, 2017, from http://searchsecurity.techtarget.com/Do-you-need-an-IDS-or-IPS-or-both